Code Quality Tools in Java

There are several tools to measure the code quality of my free timetabling software TimeFinder. Here are the tools I tried with success:

  • FindBugs (latest version 1.3.8) – uses static analysis to look for bugs in Java code. This is a great tool; it discovered possible NullPointerExceptions and a lot more bugs in my projects. Sometimes I asked myself how this program could have discovered this ‘complicated’ bug. With the Maven plugin you can do:
    mvn findbugs:findbugs

    which will use version 1.3.8 out of the box

  • PMD (latest version 4.2.5) – scans Java source code and looks for potential problems. The rules are configurable, but at the beginning you will only need the provided ones (and spend a lot of time choosing your favourites ;-)). In NetBeans 6.5 this tool is well integrated and works like a charm (CTRL+ALT+P). With the Maven plugin you can do:
    mvn pmd:pmd

    after you specified the following in the pom.xml under <reporting> <plugins>:


Other tools could be

  • JarAnalyzer – a dependency management utility for jar files. Its primary purpose is to traverse through a directory, parse each of the jar files in that directory, and identify the dependencies between the jar files.
  • HammurAPI – a code quality governance platform

but I haven’t tried them so far.

For FindBugs and PMD there is a NetBeans plugin (SQE … software quality environment) which looks promising, but fails with a NullPointerException after I installed it via the update center and tried it on my project. Maybe I should use one of the snapshots. (BTW: I successfully used the PMD plugin and FindBugs in the standalone version).

Sonar is another interesting approach to use several code quality tools at a time. With Sonar it is possible to see the violations or possible bugs over days or weeks – so you are looking at the improvements and you will not get lost in the mass of bugs at the beginning. Another “multi-tooling” project is XRadar.

A little bit off-topic, but a great tool is ProGuard, which shrinks, optimizes, obfuscates and preverifies Java class files. There is even a Maven plugin for that.


6 thoughts on “Code Quality Tools in Java”

  1. Checkstyle is the third one in open source which is often used after FindBugs and PMD. Checkstyle is easy to use, for example in Maven. Other external tools are not in common use from what I have seen.

    But do not forget that Eclipse (or NetBeans I suppose) include some compile & javadoc checkers that just need to be enabled.

    And if you have some time you could use my own Dead Code Detector:

  2. “is another interesting approach to use several code quality tools at a time.”

    Have you looked at Hudson? Web-based reports for everyone to see. CPD, PMD, FindBugs easily set up and trends of them to boot (which helps a lot in tracking which commits (/code/user) caused problems).

    Which features a hell of a lot more which I haven’t looked at yet.

  3. Besides the static approach to identify issues you can also do dynamic execution analysis of your code – this would allow you to identify architectural issues like “the same SQL is executed multiple times for the same transaction” or “too many roundtrips via the remoting channel”.
    The following blog describes the basic principles about performance management – with a focus on how to automate that process in a continuous integration environment:

  4. Hello,

    there is a new open source quality tool called CODERU (developed by me to support my current project) that uses quite a different approach than FindBugs or PMD.

    While FindBugs and PMD have a focus on the method and algorithm level, CODERU addresses structural quality on the package and therefore class dependency level.

    CODERU forces you and your team members to write layered and component-oriented code by following predefined coding rules.

    The rules are simple, but prevent complex design problems from arising.

    The CODERU rules rely on reserved package names and the allowed dependency rules between them expressed in a general way.

    Unlike other tools forcing you to define allowed or disallowed individual package dependencies, CODERU is based on a fixed set of general rules. The dependencies between packages need not be defined explicitly.

    For more information visit the tool home page.

    Ciao, Alexander
